And just to prove that Claus isn’t all work and no play…my brother and I hooked up over the weekend and spent a breezy, clear and beautiful day exploring a regional bird-watching park. He tended to go for photos of actual birds. My shots were more of “desktop” background compositions…though I did get more than a few ducks in the frame.

Ad2Store redirections: the latest annoyance for mobile users - Malwarebytes Unpacked. I can’t count how many times I’ve visited the home page of a regional newspaper on my iPhone, then instantly “BAMO” I get redirected and instead of Chrome for iOS that I was looking at, I am now staring at my AppStore application offering me a stupid “free” game to download. This has annoyed and bothered me to no end. I knew the general mechanism behind why this occurred from time to time; however, this Malwarebytes blog post does an excellent job sorting it out in a way that can be explained for less technical users (family/friends) who encounter it. Well worth the read.

The best part for me was the following recommendation:

“…it would make more sense for Apple (in the name of ‘user experience’) to block all non user initiated requests to launch the App Store (or at least prompt the user before) and the same goes for Google with its Play Store.”

Yep. Got my vote.

Download Wrappers and Unwanted Software are pure evil - Scott Hanselman. Trying to counsel family and friends to download software from a third-party site is fraught with dangers. I always try to get them to the main software developer’s site rather than one of the many that also offer download links. There are a handful (maybe two such as filehippo or Major Geeks) that I trust but that’s about it. Even some software companies are not hosting their free product downloads on third-party download hosting sites. As Scott points out and illustrates, it is very easy to get sucked down a rabbit-hole of Alice in Wonderland craziness trying to download a simple application if you are not very, very, very careful and vigilant. Downloaders beware!

Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website | FireEye Blog

While we’re at it, go ahead and pop onto the Qualys Browser check page in each of your system’s web browsers (Chrome/Firefox/IE/Opera) to check that you are not missing any other core browser plugin updates.

Unless you have been in the deep woods for the past few weeks, you probably noticed that Sysinternals recently did a major minor update to Process Explorer to bump it to version 16.0 and then quickly to 16.01.

And the biggest new feature was to integrate VirusTotal with it so you can search processes “on the fly” with VirusTotal. Pretty handy and cool.

Another cool tool I use and am getting to know is “PowerTool”. It is “…a free anti-virus&rootkit utility. It offers you the ability to detect, analyze and fix various kernel structure modifications and gives you a wide scope of the kernel.” It supports both x86 and x64 platforms. It has all kinds of special bells and whistles for detecting aberrations in standard operations on a Windows system.

Finally, I’ve mentioned the free ESET SysInspector (x32 & x64 versions available), which can not just generate a detailed log report of running processes, but also scan for hidden processes and objects, compare generated logs, and run automatic heuristic analysis (color coded) of those processes and other system contents for focused analysis. It rocks.

Use a good/free password manager to generate complex, strong, long random password strings (like this one you can have for free: €&ÖTÒC²ÿ­¦Aì:ÿ±ØF3`¹æ„åB£/¸4ö»„R+Üb"j9Ä¦) And use a different one for each online account. I personally recommend the free KeePass Password Safe but there are tons of great, free, open-source ones out there for the choosing.

If you have a smartphone, you can often share that database across platforms to make it convenient. MiniKeePass (for iOS).

Don’t use your actual personal information (birthday, favorite things, actual/true answers to security questions); a password keeper can help you keep track of what answer you used. This way if those responses get hacked for the world to see, they can’t be used against you on other sites.

Use a different email address to register for each of your “core” high-security/high-value account websites. Many online accounts use/require an email address for the account name. If one account gets breached, they won’t be able to use it on other accounts. Most email clients (and some online email services) allow you to pull emails from more than one email account. That would let you aggregate all these different email addresses into one place.

Sign up one or more of your user-name/email addresses over at Have I been pwned? to proactively monitor for account breaches. Unless you are engaged in the security news industry, a number of critical days might pass before you hear on the mainstream tv/radio/internet news channels of a breach. If you hear it from the pros first, then you have a jump on getting your account credentials changed before someone uses/buys/abuses them. At least that’s the theory.

While I have traditionally gone first with Microsoft Security Essentials for active (free) AV/AM protection (mostly for its ease of use and general ubiquity for them), having MAM-Free allows me to have them do an “on-demand” scan of their system periodically when something “hinky” pops up and we want to have a trusted second-opinion that MSE addressed the threat detection. That seems to be a popular combination.

The biggest drawbacks of the free version (IMHO) are that it does not support real-time protection nor allow for heuristic detection. The pro version covers those features and more.

So it was with some excitement that I read about Malwarebytes having a fresh new rebuild of the Anti-Malware product, version 2.0.

It is currently in beta but looks and performs very, very well on my test systems.

The beta is for the “consumer” version of the product, the business version is not yet released.

If you are running MalwareBytes Free/Pro, first uninstall it before installing the beta version.

It is going to operate under a subscription licensing model, $24.95 per year.

According to Malwarebytes, if you spring now for a lifetime license (under the current build level), they will honor that lifetime license for version 2.0 so you won’t have to switch/pay for the yearly subscription price. That’s a super-deal and savings. Shop around as prices will vary a bit.
